This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EXOS/Switch Engine)
- 5420 EXOS automatic VLAN creation when connected t...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
5420 EXOS automatic VLAN creation when connected to Fortigate Firewall
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā12-14-2021 09:36 AM
Hi all,
today I was setting up a new customer location (Fortigate, 5420 Exos and some APs).
First off all I figured out the Fortigate (LAN1 will be the uplink to 5420 Port 1).
LAN1 of Fortigate do have 4 tagged VLANs.
Now the switch is connected and have default configuration.
I was wondering why all the 4 VLANs which are configrued on fortigate lan1 are automaticly configured on the 5420 ?
Is there a new feature?
Already checked some standard features like lldp, but can't figure out where it comes from.
Default FW version is 31.3.1.3 patch1-7
thanks!
today I was setting up a new customer location (Fortigate, 5420 Exos and some APs).
First off all I figured out the Fortigate (LAN1 will be the uplink to 5420 Port 1).
LAN1 of Fortigate do have 4 tagged VLANs.
Now the switch is connected and have default configuration.
I was wondering why all the 4 VLANs which are configrued on fortigate lan1 are automaticly configured on the 5420 ?
Is there a new feature?
Already checked some standard features like lldp, but can't figure out where it comes from.
Default FW version is 31.3.1.3 patch1-7
thanks!
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā12-17-2021 08:33 AM
I took a wireshark of an EXOS doing ZTP; see for your selves.
The switch in question was rebooted with "unconfigure switch".
https://extremenetworks2com-my.sharepoint.com/:u:/g/personal/lstevens_extremenetworks_com/EWnzkG1Blx...
The switch in question was rebooted with "unconfigure switch".
https://extremenetworks2com-my.sharepoint.com/:u:/g/personal/lstevens_extremenetworks_com/EWnzkG1Blx...
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā12-16-2021 03:29 AM
>Is the switch sending a dhcp discover on every vlan (1-4096) and after getting an answer he will create that vlan?
Yes, that is correct, EXOS does that. Up to 4095 though, and untagged as well of course.
Yes, that is correct, EXOS does that. Up to 4095 though, and untagged as well of course.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā12-16-2021 01:57 AM
Thanks @Gabriel_G
Already found that deactivating the auto-provisioning stops it.ā
Normal behavier of course is to configured the switch first and afterward connecting to the network.
So thats may be the reason why I saw that for the first time.
So I'm wondering how it works.
Is the switch sending a dhcp discover on every vlan (1-4096) and after getting an answer he will create that vlan?
Thanks a lot.
Regards
Nico
Already found that deactivating the auto-provisioning stops it.ā
Normal behavier of course is to configured the switch first and afterward connecting to the network.
So thats may be the reason why I saw that for the first time.
So I'm wondering how it works.
Is the switch sending a dhcp discover on every vlan (1-4096) and after getting an answer he will create that vlan?
Thanks a lot.
Regards
Nico
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā12-15-2021 10:40 AM
This was most likely ZTP or ZTP+.
ZTP (auto-provisioning) starts automatically on a factory default bootup and detects attached VLANs based on the tags of incoming traffic. The switch dynamically creates and assigns these VLANs and enables DHCP on them in an attempt to connect to the network without configuration.
ZTP+ is an extension of this whereby you can use DNS entries and/or DHCP options to point the switch to a full configuration.
Regardless, those VLANs were probably detected based on incoming traffic, and if your FW is hosting DHCP, the switch probably got a few IP addresses. If you want to stop this behavior, 'disable auto-provision' on startup. ZTP does not take effect on a switch that's already been configured/saved; only on factory default bootup.
I'm not sure when this feature was introduced but it's been a while.
Hope that helps!
Gabriel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā12-15-2021 05:07 AM
Maybe you had defined the VLANs on XIQ-SE (XMC) and you onboarded the EXOS switch via ZTP+ ? Then the site VLANs will get created automatically on the switch.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā12-15-2021 04:59 AM
Hi nico,
This is interesting. Fortinet as a kind of "Fabric" and I'm wondering if they based this on the auto-attach RFC (802.1Qcj) used for the Fabric-Attach.
Could you on the EXOS the FA status?
Mig
This is interesting. Fortinet as a kind of "Fabric" and I'm wondering if they based this on the auto-attach RFC (802.1Qcj) used for the Fabric-Attach.
Could you on the EXOS the FA status?
show fabric attach assignments
show fabric attach elements
show port 1 vlanThanks
sh lldp port 1 neighbors detailed
Mig
